This invention relates generally to analysis of software programs such as object code, byte code, source code, executable code, and libraries, and, more specifically, relates to analysis of software programs both during execution of the software programs and during static analysis of the software programs.
Static analysis is analysis of a software program that is performed without actually executing the program. Typically, the analysis operates on the source or object code of the program and examines it statement by statement; auxiliary structures such as points-to graphs or call graphs may be used to aid the analysis.
Verifying whether a given program suffers from security vulnerabilities is a problem of great importance. Static analysis techniques are a natural candidate for this task because they can be made sound: a sound analysis over-approximates the behaviors of the program, so a flagged vulnerability may be either a true positive or a false positive, but if the analysis reports no vulnerabilities, the program is guaranteed (relative to the model of the program that the analysis assumes) to have none. Put differently, a sound analysis produces no false negatives.
The most fundamental limitation of static-analysis techniques lies in the notorious tradeoff they are forced to make between precision and scalability: an analysis often cannot be both precise and scalable. A more precise analysis (for example, one that tracks the order of statements or distinguishes calling contexts) reports fewer false positives but consumes more time and memory, whereas a coarser analysis scales to large programs at the cost of spurious reports, and, given the large variety of target programs, it is nearly impossible to find a “sweet spot” between these two extremes.
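The soundness and precision notions above, as an added example that is not part of the original document: a toy taint analysis written over Python's own `ast` module and run on constructed sample programs. The source (`input`), sink (`os.system`) and sanitizer (`shlex.quote`) are assumptions chosen for illustration, not a real tool's configuration. The flow-insensitive analysis keeps one taint fact per variable for the whole program, which is cheap but yields a false positive on the sanitized program; the flow-sensitive analysis tracks taint in statement order and removes that false positive at the cost of more state. Both reject constructs outside their straight-line model instead of silently ignoring them, which is what keeps them sound relative to that model.

```python
import ast

# Assumed model for this example (not any real tool's rules).
SOURCES = {"input"}          # user-controlled data enters the program here
SINKS = {"os.system"}        # tainted data reaching here is a command-injection finding
SANITIZERS = {"shlex.quote"} # a sanitizer's result is treated as clean


def call_name(call):
    """Dotted callee name of a Call node ('input', 'os.system'), or None."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    return None


def call_args(call):
    return list(call.args) + [kw.value for kw in call.keywords]


def expr_tainted(node, tainted):
    """Over-approximate: an expression is tainted if it calls a source or reads a
    tainted name anywhere inside it; a sanitizer call is clean by definition."""
    if isinstance(node, ast.Call):
        name = call_name(node)
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False
        return any(expr_tainted(a, tainted) for a in call_args(node))
    if isinstance(node, ast.Name):
        return node.id in tainted
    return any(expr_tainted(c, tainted) for c in ast.iter_child_nodes(node))


def parse_straight_line(src):
    """Parse src; reject anything outside the model (branches, loops, defs, ...)
    so that neither analysis claims a guarantee it cannot actually give."""
    stmts = ast.parse(src).body
    for s in stmts:
        if isinstance(s, (ast.Import, ast.ImportFrom, ast.Expr)):
            continue
        if isinstance(s, ast.Assign) and all(isinstance(t, ast.Name) for t in s.targets):
            continue
        raise NotImplementedError(f"unsupported statement at line {s.lineno}")
    return stmts


def tainted_sink_lines(stmt, tainted):
    """Line numbers of sink calls in stmt whose arguments are tainted."""
    return [n.lineno for n in ast.walk(stmt)
            if isinstance(n, ast.Call) and call_name(n) in SINKS
            and any(expr_tainted(a, tainted) for a in call_args(n))]


def analyze_flow_insensitive(src):
    """Scalable but coarse: one taint fact per name for the whole program,
    computed to a fixpoint. A later sanitizing reassignment cannot kill it."""
    stmts = parse_straight_line(src)
    tainted, changed = set(), True
    while changed:
        changed = False
        for s in stmts:
            if isinstance(s, ast.Assign) and expr_tainted(s.value, tainted):
                for t in s.targets:
                    if t.id not in tainted:
                        tainted.add(t.id)
                        changed = True
    return sorted({ln for s in stmts for ln in tainted_sink_lines(s, tainted)})


def analyze_flow_sensitive(src):
    """More precise: taint is tracked in statement order, so assigning the
    result of a sanitizer removes the taint an earlier assignment introduced."""
    tainted, findings = set(), []
    for s in parse_straight_line(src):
        findings += tainted_sink_lines(s, tainted)   # reads happen before the write
        if isinstance(s, ast.Assign):
            for t in s.targets:
                (tainted.add if expr_tainted(s.value, tainted) else tainted.discard)(t.id)
    return findings


# Constructed sample programs (not taken from any real code base).
TRUE_POSITIVE = """\
import os
cmd = input()
os.system("ls " + cmd)
"""
SANITIZED = """\
import os, shlex
cmd = input()
cmd = shlex.quote(cmd)
os.system("ls " + cmd)
"""
SAFE = """\
import os
cmd = "ls"
os.system(cmd)
"""

if __name__ == "__main__":
    for label, prog in [("true positive", TRUE_POSITIVE), ("sanitized", SANITIZED), ("safe", SAFE)]:
        print(f"{label:13s} insensitive={analyze_flow_insensitive(prog)} "
              f"sensitive={analyze_flow_sensitive(prog)}")
```

Both analyses flag line 3 of `TRUE_POSITIVE` and nothing in `SAFE`, so neither misses the real finding; only the flow-insensitive one flags line 4 of `SANITIZED`, which is the false positive that extra precision buys back. Extending the flow-sensitive version to branches and loops would require joining taint states at merge points, which is exactly where the cost in time and memory begins to grow.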